
Re: rpc reports in tiger



On Tue, Oct 16, 2007 at 08:49:25PM +0100, michael wrote:
> 'tiger' regularly gives me reports of the form:
> 
> # Checking listening processes
> OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 1019 (UDP) on every interface.
> OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 1022 (UDP) on every interface.
> OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 601 (TCP) on every interface.
> NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 1018 (UDP) on every interface.
> NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 1021 (UDP) on every interface.
> NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
> 600 (TCP) on every interface.
> 
> Can somebody point me to what this all means?
> 

It means exactly what it says.  It is telling you that rpc is listening
on every interface.  Presumably, you are running nfs-server or some
other RPC-based service.  I don't have it installed right now so I can't
check the docs.  

In general, you only want a box to offer those services you need, and
only on those interfaces you need.  Most services can be limited to
specific interfaces, rather than to all interfaces.  

RPC-based services can be protected to some extent with /etc/hosts.deny
and hosts.allow, but before those files are consulted, the service has
to service the request, which takes some resources.  

For further info on the issues of services on public ports, see the
harden-doc package.

Doug.
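
An added example, not part of the reply above and not code from tiger: a small parser for the mail-wrapped `lin002i` lines quoted in the question, which groups them per process and separates a listener that only changed ports from one that is new. It assumes `OLD:` marks entries that were in the previous report and are gone from this one and `NEW:` marks entries that appeared; the "moved" label is a heuristic of this example.

```python
import re
from collections import defaultdict

# Constructed sample: subset of the thread's report lines, wrapped as mailed.
SAMPLE_REPORT = """\
# Checking listening processes
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
1019 (UDP) on every interface.
OLD: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
601 (TCP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
1018 (UDP) on every interface.
NEW: --WARN-- [lin002i] The process `rpc.statd' is listening on socket
600 (TCP) on every interface.
"""

START = re.compile(r"^(?:OLD|NEW): --\w+--")
ENTRY = re.compile(r"^(OLD|NEW): --\w+-- \[\w+\] The process `([^']+)' is "
                   r"listening on socket (\d+) \((TCP|UDP)\) on every interface\.$")

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their report entry."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if START.match(line):
            entries.append(line)
        elif line and not line.startswith("#") and entries:
            entries[-1] += " " + line
    return entries

def parse(text):
    """Return {process: {"OLD": {(proto, port)}, "NEW": {(proto, port)}}}."""
    changes = defaultdict(lambda: {"OLD": set(), "NEW": set()})
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        state, proc, port, proto = m.groups()
        changes[proc][state].add((proto, int(port)))
    return dict(changes)

def classify(changes):
    """Heuristic of this example: the same protocols on both sides means the
    listener moved ports; NEW-only means a listener that was not there before."""
    verdicts = {}
    for proc, c in changes.items():
        old = sorted(proto for proto, _ in c["OLD"])
        new = sorted(proto for proto, _ in c["NEW"])
        verdicts[proc] = ("moved" if old == new else "appeared" if not old
                          else "gone" if not new else "changed")
    return verdicts
```

Only an "appeared" verdict points at a service that was not exposed before; a "moved" one is the same wildcard listener on different port numbers.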


